diff --git a/nodes/centaurus.kosmos.org.json b/nodes/centaurus.kosmos.org.json
index 70f42cc..325d48f 100644
--- a/nodes/centaurus.kosmos.org.json
+++ b/nodes/centaurus.kosmos.org.json
@@ -33,6 +33,8 @@
 "kosmos_assets::nginx_site",
 "kosmos_kvm::host",
 "kosmos-ejabberd::firewall",
+ "kosmos_website",
+ "kosmos_website::default",
 "kosmos_zerotier::firewall",
 "sockethub::_firewall",
 "apt::default",
@@ -86,6 +88,7 @@
 "recipe[kosmos_assets::nginx_site]",
 "recipe[kosmos_kvm::host]",
 "recipe[kosmos-ejabberd::firewall]",
+ "recipe[kosmos_website::default]",
 "recipe[kosmos_zerotier::firewall]",
 "recipe[sockethub::_firewall]"
 ]
diff --git a/site-cookbooks/kosmos_website/attributes/default.rb b/site-cookbooks/kosmos_website/attributes/default.rb
new file mode 100644
index 0000000..4f0e4a0
--- /dev/null
+++ b/site-cookbooks/kosmos_website/attributes/default.rb
@@ -0,0 +1,3 @@
+node.default["kosmos_website"]["domain"] = "kosmos.org"
+node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
+node.default["kosmos_website"]["revision"] = "master"
diff --git a/site-cookbooks/kosmos_website/metadata.rb b/site-cookbooks/kosmos_website/metadata.rb
new file mode 100644
index 0000000..a828211
--- /dev/null
+++ b/site-cookbooks/kosmos_website/metadata.rb
@@ -0,0 +1,10 @@
+name 'kosmos_website'
+maintainer 'Kosmos'
+maintainer_email 'ops@kosmos.org'
+license 'MIT'
+description 'Configures the main kosmos.org website'
+long_description 'Configures the main kosmos.org website'
+version '1.0.0'
+chef_version '>= 15.10' if respond_to?(:chef_version)
+
+depends "kosmos-nginx"
diff --git a/site-cookbooks/kosmos_website/recipes/default.rb b/site-cookbooks/kosmos_website/recipes/default.rb
new file mode 100644
index 0000000..903809a
--- /dev/null
+++ b/site-cookbooks/kosmos_website/recipes/default.rb
@@ -0,0 +1,38 @@
+#
+# Cookbook:: kosmos_website
+# Recipe:: default
+#
+
+include_recipe "kosmos-nginx"
+
+domain = node["kosmos_website"]["domain"]
+
+nginx_certbot_site domain
+
+directory "/var/www/#{domain}/site" do
+ user node["nginx"]["user"]
+ group node["nginx"]["group"]
+ mode "0755"
+end
+
+git "/var/www/#{domain}/site" do
+ user node["nginx"]["user"]
+ group node["nginx"]["group"]
+ repository node["kosmos_website"]["repo"]
+ revision node["kosmos_website"]["revision"]
+ action :sync
+end
+
+template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
+ source "nginx_conf_website.erb"
+ owner node["nginx"]["user"]
+ mode 0640
+ variables domain: domain,
+ ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
+ notifies :reload, "service[nginx]", :delayed
+end
+
+nginx_site domain do
+ action :enable
+end
diff --git a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
new file mode 100644
index 0000000..9e06160
--- /dev/null
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
@@ -0,0 +1,26 @@
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+# Generated by Chef
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name <%= @domain %>;
+
+ root /var/www/<%= @domain %>/site;
+
+ access_log off;
+ gzip_static on;
+ gzip_comp_level 5;
+
+ add_header 'Access-Control-Allow-Origin' '*';
+
+ ssl_certificate <%= @ssl_cert %>;
+ ssl_certificate_key <%= @ssl_key %>;
+
+ location /.well-known/lnurlp/ {
+ proxy_ssl_server_name on;
+ rewrite /.well-known/lnurlp/([^/]+) /lnurlpay/$1@kosmos.org break;
+ proxy_pass https://accounts.kosmos.org;
+ }
+}
+<% end -%>
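Review bot: The `git` resource in recipes/default.rb deploys an unpinned ref. It syncs `node["kosmos_website"]["revision"]`, which the attributes file in this commit defaults to `"master"`, directly into the directory nginx serves, so every Chef run publishes whatever the branch head is at that moment, with no integrity check on the node. Pinning the attribute to a tag or commit, e.g. `node.default["kosmos_website"]["revision"] = "<TAG_OR_COMMIT_SHA>"`, turns a deploy into an explicit, reviewable change. The checkout and its directory are also owned by `node["nginx"]["user"]`, presumably the account the nginx workers run as, so the web server could rewrite the content it serves; a separate deploy user with read-only access for nginx would be the least-privilege layout. Style: the template resource uses the bare octal `mode 0640` while the directory uses `mode "0755"`; `mode "0640"` would keep the two consistent.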
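Review bot: The `root /var/www/<%= @domain %>/site;` directive points at the working tree that the recipe's `git` resource checks out, so the repository's `.git` directory sits inside the document root and nothing in this server block refuses requests for it. Add a rule such as `location ~ /\.git { deny all; }` (it does not match `/.well-known/`), or deploy from an export that carries no `.git`. Separately, the `lnurlp` location proxies to an `https://` upstream with `proxy_ssl_server_name on` but without `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate`, so nginx, which does not verify upstream certificates by default, would accept any certificate presented for that host. The rewrite and `proxy_pass` also hard-code `kosmos.org` although `server_name` comes from `@domain`; if that is intentional, a short comment saying so would help.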